• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Enabling a second LAN interface - can't connect

Scheduled Pinned Locked Moved NAT
4 Posts 2 Posters 767 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    CyberMinion
    last edited by CyberMinion Jun 9, 2020, 4:51 AM Jun 9, 2020, 4:43 AM

    I am using an NG-1100 running pfsense 2.4.5-RELEASE. I have used it for some time with just the WAN and LAN interfaces. I am using IPv4 for everything, although IPv6 is currently enabled.

    I am now trying to make use of the additional Ethernet port, labeled "OPT." So, I first enabled it under the Interfaces>Opt section. It was defaulting to DHCP, so initially I left that alone, thinking that I would be running a DHCP server on that interface (that might not be what this actually means). Then I went to Services>DHCP Server, but suddenly realized that there was only an option to run DHCP on the LAN interface (which it currently is). I don't really need DHCP, since I will be connecting another NAT router to this OPT port. So, went back to Interfaces>Opt and switched it to static, and assigned the interface the IP 192.168.3.1. I could not specify the subnet mask, but it defaulted to 255.255.255.255, which seems a little odd. I tried setting a static IP on the downstream NAT router (192.168.3.2), but of course that was not accepted by pfsense. In further investigation, I discovered that the OPT port was registered as a gateway on pfsense, so I disabled that (since this is downsteam, not upsteam). I also added a pass rule to the firewall, from the OPT port, to any.

    The result of this is that the downstream device cannot connect (or ping) the pfsense, and which pfsense has seen some packets on that interface, it is not allowing it to connect to or through it.

    The OPT interface currently reads as follows:
    Status - up
    MAC Address - f0:ad:4e:--:--:-- Globalscale Technologies (mac partially redacted just because)
    IPv4 Address - 192.168.3.1
    Subnet mask IPv4 - 255.255.255.255
    IPv6 Link Local - fe80::f2ad:4eff:fe08:6c7b%mvneta0.4092
    MTU - 1500
    Media - 1000baseT <full-duplex>
    In/out packets - 125/8 (59 KiB/448 B)
    In/out packets (pass) - 125/8 (59 KiB/448 B)
    In/out packets (block) - 678/0 (123 KiB/0 B)
    In/out errors - 0/0
    Collisions - 0

    Why can't I enable DHCP here? Why does it almost seem as if this is expected to be an upstream connection, even though that was not its advertised purpose? Why are static addresses not being accepted? Any thought on what I messed up, or what I am missing?

    Thanks!

    G 1 Reply Last reply Jun 9, 2020, 6:42 AM Reply Quote 0
    • G
      Gertjan @CyberMinion
      last edited by Gertjan Jun 9, 2020, 6:46 AM Jun 9, 2020, 6:42 AM

      @CyberMinion said in Enabling a second LAN interface - can't connect:

      o, went back to Interfaces>Opt and switched it to static, and assigned the interface the IP 192.168.3.1. I could not specify the subnet mask, but it defaulted to 255.255.255.255, which seems a little odd.

      Indeed ....
      Look again.
      It will show up this time.

      6cad74d1-f71b-475e-8cf6-00b8a46cb1a2-image.png

      @CyberMinion said in Enabling a second LAN interface - can't connect:

      thinking that I would be running a DHCP server on that interface

      You should check and modify if needed the DHCP server on a LAN type of interface - even if you don't use it.

      If your OPT is called "Portal" (my example) then you see this listed as "DHCP servers" :

      2963406e-c550-4bfd-8e7e-b3f6069926f4-image.png

      I advise you to check your settings, and assign some pool to it.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      C 1 Reply Last reply Jun 9, 2020, 7:04 PM Reply Quote 1
      • C
        CyberMinion @Gertjan
        last edited by Jun 9, 2020, 7:04 PM

        @Gertjan This is why I shouldn't redesign a network at 2 AM. You're right, that was the problem. I did find the subnet option this time (whether it wasn't there before, or I just didn't see it I don't know) and set it to a proper /24. Then when I go into the DHCP server, there is now a tab for this "OPT" port, which I used to enable the service. This tab was just missing before, I suppose because there wasn't enough IP space for it to run on. And just like that, everything works perfectly. Thank you!!

        G 1 Reply Last reply Jun 10, 2020, 7:46 AM Reply Quote 1
        • G
          Gertjan @CyberMinion
          last edited by Jun 10, 2020, 7:46 AM

          @CyberMinion said in Enabling a second LAN interface - can't connect:

          I suppose because there wasn't enough IP

          Exact.
          If the possible pool size is zero - an /32 implies zero - then pfSense doesn't bother launching a DHCP server on the interface. It wouldn't work anyway.
          The visual GUI effect is : no GUI 'tab'.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          4 out of 4
          • First post
            4/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received